# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
{ config, pkgs, lib, ... }:
let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
lock-empty-string = {
Value = "";
Status = "locked";
};
in {
imports =
[
./hardware.nix
# inputs.home-manager.nixosModules.home-manager
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "yerukall"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "de_DE.UTF-8";
LC_IDENTIFICATION = "de_DE.UTF-8";
LC_MEASUREMENT = "de_DE.UTF-8";
LC_MONETARY = "de_DE.UTF-8";
LC_NAME = "de_DE.UTF-8";
LC_NUMERIC = "de_DE.UTF-8";
LC_PAPER = "de_DE.UTF-8";
LC_TELEPHONE = "de_DE.UTF-8";
LC_TIME = "de_DE.UTF-8";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;
# Configure keymap
services.xserver.xkb = {
variant = "caps:swapescape";
layout = "de,us,dv2";
extraLayouts.dv2 = {
description = "German Dvorak Type 2";
languages = [ "de" ];
symbolsFile = ./symbols/dv2;
};
};
# Configure console keymap
console.keyMap = "de";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable Bluetooth Support
hardware.bluetooth.enable = true;
# services.blueman.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.kb-work = {
isNormalUser = true;
description = "kb-work";
extraGroups = [ "networkmanager" "wheel" ];
packages = with pkgs; [
kate
thunderbird
keepassxc
globalprotect-openconnect
vscodium
logseq
ungoogled-chromium
zed-editor # Editor
];
};
services.syncthing = {
enable = true;
configDir = "/home/kb-work/.config/syncthing";
};
services.pcscd.enable = true;
programs.gnupg.agent = {
# enable = true;
pinentryPackage = pkgs.lib.mkForce pkgs.pinentry-qt;
};
programs.firefox = {
enable = true;
nativeMessagingHosts.packages = [ pkgs.firefoxpwa ];
policies = {
# --------- Privacy ---------
DisableTelemetry = true;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableFirefoxAccounts = true;
AutofillAddressEnabled = false;
AutofillCreditCardEnabled = false;
OfferToSaveLogins = false;
FirefoxHome.TopSites = false;
FirefoxHome.SponsoredTopSites = false;
Preferences = {
"browser.newtabpage.pinned" = lock-empty-string;
"browser.topsites.contile.enabled" = lock-false;
};
# -------- Opiniated --------
DontCheckDefaultBrowser = true;
DisableProfileImport = true;
SearchBar = "unified";
SearchEngines.Add = [ # Only Available in ESR Releases https://mozilla.github.io/policy-templates/#searchengines--add
{
Name = "Brave";
URLTemplate = "https://search.brave.com/search?q={SearchTerms}";
Alias = "br";
}
];
ExtensionSettings = { # See https://mozilla.github.io/policy-templates/#extensionsettings
"extension@tabliss.io" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/3940751/tabliss-2.6.0.xpi";
installation_mode = "normal_installed";
};
"gdpr@cavi.au.dk" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/4246350/consent_o_matic-1.0.13.xpi";
installation_mode = "normal_installed";
};
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/4261710/ublock_origin-1.57.2.xpi";
installation_mode = "normal_installed";
};
"keepassxc-browser@keepassxc.org" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/4257616/keepassxc_browser-1.9.0.3.xpi";
installation_mode = "normal_installed";
};
"offline-qr-code@rugk.github.io" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/3870992/offline_qr_code_generator-1.8.xpi";
installation_mode = "normal_installed";
};
"addon@darkreader.org" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/4262984/darkreader-4.9.83.xpi";
installation_mode = "normal_installed";
};
"firefoxpwa@filips.si" = {
install_url = "https://addons.mozilla.org/firefox/downloads/file/4252822/pwas_for_firefox-2.11.1.xpi";
installation_mode = "normal_installed";
};
};
Bookmarks = [
{
Title = "Syncthing";
URL = "localhost:8384";
Placement = "toolbar";
}
];
};
# profiles.default = {
# id = 0;
# name = "default";
# isDefault = true;
# path = "/home/spiegelma/.mozilla/firefox/m9zcjjpu.default";
# };
# profiles.work = {
# id = 1;
# name = "work";
# isDefault = false;
# search = {
# force = true;
# default = "Brave";
# order = [ "Brave" "StartPage" "DuchDuckGo" "Google" "Bing"];
# engines = {
# "Brave" = {
# urls = [{ template = "https://search.brave.com/search?q={searchTerms}"; }];
# iconUpdateURL = "https://cdn.search.brave.com/serp/v2/_app/immutable/assets/brave-search-icon.CsIFM2aN.svg";
# updateInterval = 24 * 60 * 60 * 1000; # every day
# };
# "StartPage" = {
# urls = [{ template = "https://www.startpage.com/sp/search?query={searchTerms}"; }];
# iconUpdateURL = "https://www.startpage.com/sp/cdn/favicons/favicon-16x16-gradient.png";
# updateInterval = 24 * 60 * 60 * 1000; # every day
# };
# };
# };
# bookmarks = [
# {
# name = "work";
# toolbar = true;
# bookmarks = [
# {
# name = "ohmportal";
# url = "https://my.ohmportal.de/";
# }
# ];
# }
# {
# name = "nixos";
# toolbar = true;
# bookmarks = [
# {
# name = "nix Packages";
# url = "https://search.nixos.org/packages?channel=unstable";
# }
# {
# name = "nix Options";
# url = "https://search.nixos.org/options?channel=unstable";
# }
# {
# name = "home Options";
# url = "https://nix-community.github.io/home-manager/options.xhtml";
# }
# ];
# }
# ];
# };
};
programs.chromium = {
enable = true;
extensions = [
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # uBlock Origin
];
defaultSearchProviderEnabled = true;
defaultSearchProviderSearchURL = "https://search.brave.com/search?q={searchTerms}";
};
# Configure Nix
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"electron-28.3.3"
];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
git
grim # screenshot functionality
slurp # screenshot functionality
wl-clipboard # wl-copy and wl-paste for copy/paste from stdin / stdout
mako # notification system developed by swaywm maintainer
btop
starship
openconnect
firefoxpwa
gnupg
pinentry-qt
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# enable sway window manager
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# start SSH Agent
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
services.globalprotect.settings = {
"vpn.ohmportal.de" = {
openconnect-args = "--protocol gp --disable-ipv6";
};
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It‘s perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}